Xint
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill appears to be a legitimate X/Twitter research CLI, but it needs Review because it uses sensitive X/xAI credentials and OAuth account-write authority that are under-declared in the registry metadata.
Review this before installing. It is not clearly malicious, but it can use paid X/xAI credentials, store OAuth tokens, and change your X account state through follow, list, block, mute, like, and bookmark operations. Provide only the credentials you need, prefer read-only usage, require confirmation for write actions, and avoid enabling webhooks or MCP SSE unless you understand the exposure.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or using the skill may give the agent access to paid API credentials and X account authorization that are not visible in the registry permission summary.
The skill's own SKILL.md declares an X API bearer token as required and xAI and OAuth credentials as optional, while the registry metadata shown for this review lists no required env vars and no primary credential. The two disagree, and the registry copy is the one an installer sees.
credentials:
  - name: X_BEARER_TOKEN ... required: true
  - name: XAI_API_KEY ...
  - name: XAI_MANAGEMENT_API_KEY ...
  - name: X_CLIENT_ID ...
required_env_vars:
  - X_BEARER_TOKEN
primary_credential: X_BEARER_TOKEN
Only install if you intend to provide these credentials. Use least-privilege X/xAI keys, keep OAuth optional until needed, and ensure the registry metadata is corrected to declare required credentials.
If an agent runs these commands without clear user confirmation, it could change who you follow, block or mute accounts, or alter lists on your X account.
The CLI exposes OAuth-backed commands that mutate the user's X account state, including following/unfollowing, list membership changes, and block/mute actions.
Lists ... Create a private list ... Add/remove members ... Blocks & Mutes ... Add/remove ... Follow Actions (OAuth)

xint follow @username
xint unfollow @username
Require explicit user approval for all write/moderation commands, use read-only mode by default where possible, and avoid granting OAuth scopes unless you need account-changing actions.
A compromised upstream repository, release, or dependency could affect the local installation.
The documented installer pipes a remote script into a shell; install.sh then downloads a GitHub release and runs Bun dependency installation. The script is fetched from the main branch rather than a tagged release, so what executes can change between two installs, and the result depends on the integrity of that branch, the release asset, and every Bun dependency resolved at install time. This is common for CLIs but it widens the supply-chain surface.
curl -fsSL https://raw.githubusercontent.com/0xNyk/xint/main/install.sh | bash
Prefer a package-manager install or a manual source review. If you use the installer, download install.sh to a file and read it before running it, pin a release version instead of main, and check the release asset's checksum before it is unpacked.
Search queries, monitoring results, or tweet data could be sent to a configured third-party webhook.
The skill can forward watched X data to webhook endpoints. The artifacts disclose HTTPS requirements and an optional allowlist, so this is purpose-aligned but sensitive.
watch and stream can send data to webhook endpoints ... Optional host allowlist: XINT_WEBHOOK_ALLOWED_HOSTS=hooks.example.com,*.internal.example
Use webhooks only when needed, prefer trusted HTTPS endpoints, configure XINT_WEBHOOK_ALLOWED_HOSTS, and avoid sending sensitive queries to third parties.
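As an added illustration of the two controls this finding describes (example code, not xint's own implementation; the page only shows the example allowlist value, so the exact-match and wildcard rules below are my assumptions), the TypeScript gate below checks a webhook URL for HTTPS and against XINT_WEBHOOK_ALLOWED_HOSTS before anything is sent. It relies on the WHATWG URL parser so that userinfo, port and case tricks in the URL cannot smuggle a different host past the allowlist.

```typescript
// Added example, not code from xint: enforce the two webhook controls the
// review describes -- HTTPS only, plus the optional XINT_WEBHOOK_ALLOWED_HOSTS
// allowlist. The exact/wildcard matching rules are assumptions, not xint's.

interface WebhookDecision {
  ok: boolean;
  reason: string;
}

// Split the comma-separated env value; entries are trimmed and lower-cased.
function parseAllowedHosts(env: string | undefined): string[] {
  if (!env) return [];
  return env
    .split(",")
    .map((e) => e.trim().toLowerCase())
    .filter((e) => e.length > 0);
}

// Assumed semantics: "hooks.example.com" matches only that exact host;
// "*.internal.example" matches any host with at least one label before
// ".internal.example". So "internal.example" itself does not match, and
// neither does "x.internal.example.attacker.com" (the suffix must be at the end).
function hostMatches(host: string, entry: string): boolean {
  if (entry.startsWith("*.")) {
    const suffix = entry.slice(1); // ".internal.example"
    return host.length > suffix.length && host.endsWith(suffix);
  }
  return host === entry;
}

function parseUrl(s: string): URL | null {
  try {
    return new URL(s);
  } catch {
    return null;
  }
}

function webhookAllowed(target: string, allowedHostsEnv: string | undefined): WebhookDecision {
  const url = parseUrl(target);
  if (url === null) return { ok: false, reason: "not a valid absolute URL" };

  // HTTPS is a hard requirement in the documented behaviour.
  if (url.protocol !== "https:") {
    return { ok: false, reason: `scheme ${url.protocol} is not https:` };
  }

  // The WHATWG parser lower-cases the host and separates userinfo and port,
  // so "https://hooks.example.com@evil.com/" yields hostname "evil.com".
  // A trailing dot ("evil.com.") is stripped so it cannot dodge an exact match.
  const host = url.hostname.replace(/\.$/, "");
  if (host.length === 0) return { ok: false, reason: "empty host" };

  const allowed = parseAllowedHosts(allowedHostsEnv);
  // The allowlist is optional in xint's docs; with none set, HTTPS is the only
  // control left, which is why the review recommends configuring it.
  if (allowed.length === 0) return { ok: true, reason: "https ok; no allowlist configured" };

  if (allowed.some((entry) => hostMatches(host, entry))) {
    return { ok: true, reason: `host ${host} is allowlisted` };
  }
  return { ok: false, reason: `host ${host} is not in XINT_WEBHOOK_ALLOWED_HOSTS` };
}
```

The wildcard deliberately requires at least one label in front of the suffix and anchors the suffix at the end of the host, which is the check most home-grown allowlists get wrong; `*.internal.example` should never be satisfied by `internal.example.attacker.com`.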
If enabled or bound too broadly, another local or network client could invoke X search or account-action tools through MCP.
The optional MCP server exposes xint commands to other agents/tools. The documentation says stdio/local is default and SSE is opt-in, with policy and auth controls.
bun run xint.ts mcp starts a local MCP server exposing xint commands as tools ... no inbound web server unless --sse is explicitly enabled
Keep MCP on local stdio unless needed, use read_only policy by default, require a strong auth token for SSE, and do not bind to non-loopback interfaces unless necessary.
Local cache, exports, snapshots, or OAuth tokens could reveal research topics or account access if the directory is shared or backed up insecurely.
The skill persists API-derived data and OAuth tokens locally. This is disclosed and scoped to the skill directory, but persisted outputs may contain sensitive queries or account information, and the chmod 600 on token files protects only against other local users, not against other processes running as your user or against backup and sync tools that copy the directory.
This skill writes to its own `data/` directory: cache, exports, snapshots, OAuth tokens
- OAuth tokens stored with restrictive permissions (chmod 600)
Keep the data directory private, review exports before sharing, and delete cached data or OAuth tokens when no longer needed.
